Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - thomas

Pages: [1] 2 3 ... 5
1
News and Announcements / Re: Zentyal 4.1 available!
« on: March 29, 2015, 10:47:09 pm »
I  agree with werter, gerald_FS and gsiotas too

I use Zentyal since the "ebox time" (1.2).
I even tried to promote Zentyal to schools as an "all in one server" as it HAD a lot of network features

But with every new update the community release is trimmed. Over the time a lot of features disappeared (proxy, ids, wan failover, antivirus, web server, traffic shapping, events,  Dynamic DNS etc)

Zentyal is still a great product, but not as a standalone server. Other servers are necessary even in a small network (10-20 computers and devices)

I will too, try to migrate to other more completed (of services) alternatives.
nethserver.org looks promising. It reminds me the reasons I choose Zentyal a few years ago.

2
Sometimes, routers keep the port 80 for themselves

Have you try forward another port to 80?

e.g have you try to forward port 8081  (external router port) to port 80 of ebox?
then you can have access in:
http://yourboxIP:8081/egroupware

3
Installation and Upgrades / Re: slapd problem
« on: June 28, 2010, 11:45:52 pm »
I know that this is an old topic, but it is good to have a reply

Stop slapd
/etc/init.d/slapd stop

Edit /etc/ldap/slapd.conf
and append under the existing 'index' line the following line

index sambaSID,gidNumber      eq

The start the indexing
slapindex

change permissions
chown openldap:openldap /var/lib/ldap/*

Restart slapd
/etc/init.d/slapd start


For more 'resistent' solution do the same to the
/usr/share/ebox/stubs/usersandgroups/slapd.conf.mas


You can see more in
http://forum.ebox-platform.com/index.php?topic=664.0

4
Installation and Upgrades / Re: HOWTO: WEBMIN installation
« on: June 24, 2010, 08:17:58 pm »
As for the question
"Is this HOW-TO useful"

I must say that ALL how-to are useful

We must thank all the people that try and make them (even if we don't need them personally)

5
Installation and Upgrades / Re: HOWTO: WEBMIN installation
« on: June 24, 2010, 08:14:22 pm »
Enter these commands in the shell:

cd /usr/local
mkdir webmin
cd webmin
wget http://prdownloads.sourceforge.net/webadmin/webmin-1.510.tar.gz
tar xzvf webmin-1.510.tar.gz
cd webmin-1.510
sh setup.sh



A much easier intallation is with apt-get
Use the procedure as it appears in http://webmin.com/deb.html

Edit the /etc/apt/sources.list  file on your system and add the line :
Code: [Select]
deb http://download.webmin.com/download/repository sarge contrib
You should also fetch and install the GPG key with which the repository is signed, with the commands :
Code: [Select]
cd /root
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc

You will now be able to install web with the commands :
Code: [Select]
apt-get update
apt-get install webmin


DON'T FORGET that YOU MUST USE WEBMIN WITH VERY GREAT CARE, as it overlaps with eBox

6
Installation and Upgrades / Re: Cant configure DHCP
« on: June 24, 2010, 08:08:48 pm »
- In Nework section you set the DNS of the box. This is the DNS that you ISP provides you (or you can add as many DNS servers as you want). They also act as resolvers
- One Of your interfaces (eth0) must be marked as external and must be connected to a route that leads to your ISP
- In DNS section, you set your internal DNS, for your domain (if you set any and you want every internal client have a unique -- resolved by you, name)
- In firewall you must allow every internal client to have access to internet
- In DHCP section, for the second interface (eth1) (AND ONLY FOR THIS) you must set:
as gateway your ebox server,
as Primary Nameserver your local eBox DNS,
as secondary (your ISP's DNS)
AND you must add new range for you clients (e.g 192.168.1.10 - 192.168.1.100)

With the above you MUST have internet access from everywhere (ebox and clients)
If you can not access internet from clients, you should see the client's local firewall (if any)


7
I did some testing.
The upgrade procedure from 1.2 to 1.4 is full of questions on replacing *.conf files.
As I know, those files are maintained by ebox, so I think that either answer (yes or No) would do the same.... nothing. Am I correct??

Anyway, I saw that you made a new forum for the beta testers. I think that it would be nice to have a forum for the 'updaters - upgraders'.

In my experience, what makes a product 'ready for production' is the 'update- upgrade process' and the full documentation of it.

I am reading the forum, since the 1.0 version (and as the time passes) I find it difficult to keep up with the new versions, because the documentation and the how-to are placed all over the forum.

In my belief you should take extra care of users, that already have a production install, so as to convince them to keep up with ebox

Thanks

8
Sorry... I didn't see carefully what your networks were (which actually was one network)

UdoB is correct. But don't forget to set the gateway.

To allow networks interconnection, you must place rules in the "Rules for internal networks" section of firewall.

You don't have to disable the interfaces, just follow UdoB instructions and change the ip/network mask on each one of them.


9
There are two kind of logic you can apply

1) Allow everything from everywhere. When all is good, start denying service, until you have only the necessary

2) Block everything from everywhere (EXCEPT ebox administrator and probably ssh). Then start opening port and services.

It would be better to use the default rules and start opening ports.
Create the appropriate services (ICMP for ping etc) and allow everything from everywhere.
Keep in mind that everything refers to the services you have ALREADY  implement


10
Check you firewall's rules

11
I am using ebox 1.2 since the beginning and I have not any problems (now....)
I am looking in the forum, and I haven't find clear (and complete) instructions for the upgrade from 1.2 to 1.4.

I have read the http://trac.ebox-platform.com/wiki/Document/Documentation/Updates , and as I understand I have to manual add (or replace) the reposiroty:
deb http://ppa.launchpad.net/ebox/1.4/ubuntu hardy main
in /etc/apt/sources.lst
do an apt-get update
and an apt-get dist-upgrade

Is this enough?
Will my /usr/share/ebox/stubs/ directory  be replaced?
Will my /usr/share/squid/mime.conf will be replaced?
Will my /etc/ldap.secret be replaced?

Do I have to backup my changes?
Is there anything else, I have to keep in mind?

The above questions (and many more) are related with one of my ebox installations, a box acting as router, proxy, vpn, gateway, dhcp etc


I would like to know if this is a completely safe operation (the upgrade) after all.




12
Installation and Upgrades / Re: HOWTO: WEBMIN installation
« on: June 17, 2010, 02:50:03 pm »
Webmin is a great tool.
The problem is, that it overlaps ebox in many cases (samba, printers, network, firewall etc).
The good thing, is that if someone knows, what he is doing, it (webmin) can be a good tool, that "fills the gaps" (bootup scripts, cron jobs, grub manager and many more frontends for system internal)

So you may use it with very great care.

13
Ensure that the parent folder is shared to ALL the users you want to access it
make the individual folders in the parent folder
the admin folder MUST have 660 permissions. the owner user is one of the admins group and the groups must be the admin group.

e.g
the folder PARENT is shared to ALL users through ebox interface
that means that when you do ls you must see owner:ebox, group:ALLUSERS (assuming that ALLUSERS is the default group for all your users)
in the PARENT folder (from the cli)  make one folder ADMINFOLDER and change the ownership "chown adminuser:ADMINS" and "chmod 770 ADMINFOLDER" (assuming that the adminuser is a user int the ADMINS group)
restart samba

Now all users in the group ALLUSERS can browse the samba share PARENT.
But only the users in the ADMINS group can browse and write in the ADMINFOLDER.

So it is a two step procedure
1) make the share as usual
2) from the cli, assign the permissions to the specific folder

The only problem is that the files and folder that will be created in the ADMINS folder, will have permissions that will allow ALLUSERS to access them, AS SOON AS they are in the folder. But this is not going to happen, as the linux filesystem, will not allow them to 'enter' the directory ADMINS (remember that the ADMINS folder must have file permissions that allows ONLY the ADMINS group to read/write in the directory)

14
Installation and Upgrades / Re: Squid caching exemption
« on: December 13, 2009, 01:30:34 am »
the previous post is for the client which connects to the cammeras

to prevent caching from anyone who reaches the cameras (x.y.z.w/24 net):

acl nocacheme dst x.y.z.w/24
always_direct allow nocacheme
cache deny nocacheme

15
Installation and Upgrades / Re: Two Network Problems
« on: October 30, 2009, 01:28:40 pm »
In the beginning I had my vpn listen on the (one) external interface and I forwarded traffic only from one (1) adsl router.
The same happened that time. The same things happen now that I forward traffic from 3 adsl routers.

I have advertised all my internal networks (5) and the one external.
Do you mean that If I (and I do) advertise (among the other internal networks ) and the external one, then my vpn connection will be treaded as external ???
Do you mean that I mustn't advertise the external network?

Pages: [1] 2 3 ... 5